
925 matches found

Fedora
added 2023/10/04 3:0 a.m. · 14 views

[SECURITY] Fedora 37 Update: prrte-2.0.2-5.fc37

PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...

8.1 CVSS · 8 AI score · 0.01121 EPSS
Exploits: 0

Fedora
added 2023/10/04 2:34 a.m. · 13 views

[SECURITY] Fedora 38 Update: prrte-2.0.2-5.fc38

PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...

8.1 CVSS · 8 AI score · 0.01121 EPSS
Exploits: 0

Fedora
added 2023/10/03 2:0 p.m. · 19 views

[SECURITY] Fedora 39 Update: prrte-2.0.2-5.fc39

PRRTE is the PMIx Reference Run Time Environment. The project is formally referred to in documentation by "PRRTE", and the GitHub repository is "openpmix/prrte". However, we have found that most users do not like typing the two consecutive "r"s in the name. Hence, all of the internal API symbols,...

8.1 CVSS · 7.1 AI score · 0.01121 EPSS
Exploits: 0

SUSE CVE
added 2023/09/20 11:26 p.m. · 3 views

SUSE CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...

7.8 CVSS · 7 AI score · 0.00339 EPSS
Exploits: 1 · References: 3

NVD
added 2023/09/06 9:15 p.m. · 19 views

CVE-2023-39956

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

6.6 CVSS · 6.7 AI score · 0.00563 EPSS
Exploits: 0 · References: 1

Prion
added 2023/09/06 9:15 p.m. · 24 views

Design/Logic Flaw

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

4.3 CVSS · 6.9 AI score · 0.00563 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/09/06 8:9 p.m. · 23 views

CVE-2023-39956 Electron: Out-of-package code execution when launched with arbitrary cwd

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

6.1 CVSS · 7.2 AI score · 0.00563 EPSS
Exploits: 0 · References: 1

OSV
added 2023/09/06 8:9 p.m. · 32 views

CVE-2023-39956 Electron: Out-of-package code execution when launched with arbitrary cwd

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app is launched with...

6.1 CVSS · 7.6 AI score · 0.00563 EPSS
Exploits: 0 · References: 3

Github Security Blog
added 2023/09/06 7:51 p.m. · 49 views

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Impact: Apps that are launched as command line executables are impacted, e.g. if your app exposes itself in the path as myapp --help. Specifically, this issue can only be exploited if the following conditions are met: your app is launched with an attacker-controlled working directory; the attacker ha...

6.6 CVSS · 6.9 AI score · 0.00563 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

SUSE CVE
added 2023/08/26 8:8 a.m. · 4 views

SUSE CVE-2022-48064

GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack...

7.6 AI score · 0.0059 EPSS
Exploits: 1 · References: 16

Securelist
added 2023/08/25 10:0 a.m. · 19 views

Lockbit leak, research opportunities on tools leaked from TAs

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted...

7.3 AI score
Exploits: 0

NCSC
added 2023/08/23 12:0 a.m. · 4 views

Vulnerabilities fixed in Rarlab WinRAR

Rarlab has fixed vulnerabilities in WinRAR. A malicious person could exploit the vulnerabilities to execute arbitrary code with user privileges. The vulnerability with reference CVE-2023-40477 is located in the way WinRAR handles Recovery Volumes. A malicious party can creat...

7.8 CVSS · 8.1 AI score · 0.97798 EPSS
Exploits: 50

CNNVD
added 2023/08/17 12:0 a.m. · 3 views

Genians Genian NAC Code Injection Vulnerability

Genians Genian NAC is a network security and access control software from Genians Korea. It helps organizations identify IP-enabled devices, manage vulnerabilities and check device configurations to protect network access environments. A security vulnerability exists in Genians Genian NAC, which...

9.8 CVSS · 8.4 AI score · 0.00357 EPSS
Exploits: 0 · References: 3

OSV
added 2023/08/15 2:15 p.m. · 3 views

CVE-2023-28479

An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform installs a full development toolchain within every TigerGraph deployment. An attacker is able to compile new executables on each Tigergraph system and modify system and Tigergraph binaries...

8.8 CVSS · 5.8 AI score · 0.00685 EPSS
Exploits: 1 · References: 1

CNNVD
added 2023/08/15 12:0 a.m. · 3 views

TigerGraph Security Vulnerability

TigerGraph is one of the world's fastest and most scalable graph analytics platforms from the TigerGraph community, enabling real-time big data graph applications. A security vulnerability exists in Tigergraph Enterprise version 3.7.0 that stems from the ability of an attacker to compile a new...

8.8 CVSS · 6.8 AI score · 0.00685 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2023/08/15 12:0 a.m. · 4 views

PT-2023-21748 · Tigergraph · Tigergraph Enterprise

Name of the Vulnerable Software and Affected Versions: Tigergraph Enterprise version 3.7.0 Description: An issue was discovered in the TigerGraph platform, which installs a full development toolchain within every TigerGraph deployment. This allows an attacker to compile new executables on each...

8.8 CVSS · 8.5 AI score · 0.00685 EPSS
Exploits: 1 · References: 6

RedHat Linux
added 2023/08/07 8:12 a.m. · 5 views

thunderbird: File Extension Spoofing using the Text Direction Override Character

Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This...

7.5 CVSS · 7.3 AI score · 0.00556 EPSS
Exploits: 0 · References: 6

OSV
added 2023/07/25 7:15 p.m. · 6 views

AZL-34639 CVE-2023-39129 affecting package crash for versions less than 8.0.4-3

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym at /gdb/coff-pe-read.c...

5.5 CVSS · 6.3 AI score · 0.00238 EPSS
Exploits: 0 · References: 1

OSV
added 2023/07/24 4:15 p.m. · 6 views

DEBIAN-CVE-2023-1386

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the gue...

7.8 CVSS · 5.8 AI score · 0.00223 EPSS
Exploits: 0 · References: 1

NVD
added 2023/07/20 1:15 a.m. · 19 views

CVE-2022-28737

There's a possible overflow in handle_image when shim tries to load and execute crafted EFI executables; the handle_image function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

7.8 CVSS · 7.4 AI score · 0.00332 EPSS
Exploits: 0 · References: 2